7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
0.001 Low
EPSS
Percentile
28.7%
It is possible to put the same line item multiple one in the cart using API, the Cart Validators checked the line item’s individuality and the user was able to skip the clearance sale in cart
The problem has been fixed with 6.4.18.1
For older versions of 6.1, 6.2, and 6.3, corresponding security measures are also available via a plugin. For the full range of functions, we recommend updating to the latest Shopware version. Or disable the newsletter registration completely.
docs.shopware.com/en/shopware-6-en/security-updates/security-update-01-2023?category=security-updates
github.com/shopware/platform
github.com/shopware/platform/commit/4fce12096e54b2033832d9104fa2e68888c2b4e9
github.com/shopware/platform/security/advisories/GHSA-8r6h-m72v-38fg
nvd.nist.gov/vuln/detail/CVE-2023-22730